================================================================================ PHISHDESTROY — EVIDENCE MANIFEST FOR LAW ENFORCEMENT Subject: xmrwallet.com (Monero theft) + NameSilo Inc. (registrar complicity) Archive: phishdestroy.eth.limo (IPFS) / arweave.net (permanent) Contact: abuse@phishdestroy.io Date: 2026-05-14 ================================================================================ CASE SUMMARY xmrwallet.com is a fraudulent Monero web wallet active since 2016. Mechanism: server-side private view key exfiltration + transaction hijack. Estimated theft: $2M-$15M+ across 15+ documented victims. Largest single documented theft: 2,600 XMR (~$780,000). NameSilo Inc. (ICANN-accredited registrar, CSE:URL) publicly defended the operator, refused 20+ abuse reports, and helped suppress security warnings. ================================================================================ 1. FILE STRUCTURE ================================================================================ namesilo-evidence/ ├── evidence/ 16 PNG screenshots (operator emails, tweets) ├── xmrwallet-evidence/ │ ├── screenshots/ 15 PNG (GitHub issues, DNS maps, VirusTotal) │ ├── tweets/ 25 PNG (Twitter/X suppression evidence) │ ├── pdfs/ 4 PDF + 3 TXT (reports, ICANN complaint) │ ├── deleted-issues/ 2 HTML (cached GitHub issues #35, #36) │ ├── medium-mirror/ 1 HTML + 1 MD (cached Medium article) │ └── technical/ 2 files (JS capture, network analysis) ├── osint/ SEO manipulation analysis, OSINT report ├── ALL_EVIDENCE_HASHES.txt 60 SHA-256 hashes (primary evidence) ├── EVIDENCE_HASHES.txt 16 SHA-256 hashes (screenshots) ├── ARCHIVED_EVIDENCE_INDEX.txt All archived URLs with Wayback links └── this file ================================================================================ 2. PRIMARY EVIDENCE FILES — SHA-256 VERIFIED ================================================================================ All hashes in ALL_EVIDENCE_HASHES.txt. Verify with: sha256sum -c ALL_EVIDENCE_HASHES.txt --- OPERATOR COMMUNICATIONS (evidence/) --- 01-operator-email-feb16.png Content: Email from xmrwallet operator (Nathalie Roy / nathroy) to PhishDestroy Date: 2026-02-16 Key quote: "Feel free to subpoena the domain registrar" Proves: Operator knew NameSilo would protect them BEFORE public defense 01-phishdestroy-reply-feb16.png Content: PhishDestroy reply with technical evidence of key theft Date: 2026-02-16 Proves: Operator was presented with proof and chose to delete evidence 03-namesilo-statement-mar13.png Content: NameSilo public tweet defending xmrwallet.com Date: 2026-03-13 Key quote: "We have been in touch with the registrant and they tell us [...]" Proves: NameSilo contacted scammer, accepted their denial, closed complaint --- NAMESILO TWEETS (evidence/) --- 04-tweet-namesilo-is-lying.png Content: PhishDestroy response to NameSilo's false statement 04-tweet-press-secretary.png Content: "NameSilo became the press secretary for a $2M theft operation" 04-tweet-honest-question.png Content: Community response questioning NameSilo's defense 04-tweet-cryptopus-quote.png Content: Third-party crypto researcher confirming scam 14-tweet-thread-mar14-lies-exposed.png Content: Thread exposing each lie in NameSilo's statement 15-tweet-thread-mar14-abuse-dept-disgrace.png Content: NameSilo abuse department failures documented 16-tweet-mar14-vt-delisting-service.png Content: NameSilo praised operator for removing Fortinet "Phishing" label Proves: Registrar helped suppress security vendor detection of active scam 05-tweet-scam-banner-registrars.png Content: Comparison — 3 of 4 registrars suspended, NameSilo protected --- SUPPRESSION EVIDENCE (evidence/) --- 06-x-support-no-violation.png Content: X/Twitter support saying PhishDestroy account has "no violation" 06-x-support-subject-restored.png Content: Account restored after suspension was reversed Proves: Suspension was false/coordinated, not legitimate violation 12-ghostarchive-namesilo-tweet-top.png 13-ghostarchive-namesilo-tweet-full.png Content: GhostArchive permanent capture of NameSilo's deleted tweet Proves: NameSilo deleted their own public defense after exposure 09-phishdestroy-platform.png Content: PhishDestroy platform overview --- TECHNICAL EVIDENCE (xmrwallet-evidence/screenshots/) --- issue35-overview.png GitHub Issue #35 full investigation (deleted by operator) issue35-endpoints.png API endpoints exfiltrating view keys issue35-authflow.png Authentication flow showing session_key theft virustotal-detection.png 6 security vendors flag xmrwallet as malicious dnsmap-xmrwallet-com.png DNS infrastructure map — primary domain dnsmap-xmrwallet-cc.png DNS infrastructure map — suspended alt domain dnsmap-xmrwallet-biz.png DNS infrastructure map — suspended alt domain --- VICTIM EVIDENCE (xmrwallet-evidence/screenshots/) --- github_issue_13_scam.png GitHub #13: "project is a scam dont use it!!!!!" github_issue_15_money_stolen.png GitHub #15: "Money stolen from wallet" bitcointalk_400xmr.png BitcoinTalk: ~400 XMR ($120K+) stolen Dec 2025 bitsmedia_russian_victim.png Russian victim: 30 XMR stolen after 5 hours old-ru-dog.png Early Russian-language scam warning ================================================================================ 3. PDF REPORTS ================================================================================ xmrwallet-scam-evidence-report.pdf (+ .txt) Full technical evidence report. Server-side key theft mechanism. 40+ API requests per session exfiltrating private view keys. Code divergence: GitHub (2018) vs production (2025). xmrwallet-victim-advisory.pdf (+ .txt) What to do if you lost funds. Steps for victims. How to report to law enforcement, ICANN, platforms. xmrwallet-deleted-evidence-timeline.pdf (+ .txt) Timeline of evidence destruction by operator. GitHub issues #1-#36 deleted. Code repositories modified. icann-complaint-namesilo-xmrwallet.pdf (+ .html) ICANN complaint against NameSilo (RAA Section 3.18). Registrar failed to investigate credible abuse reports. ================================================================================ 4. REGISTRAR COMPARISON — SUPPRESSION PATTERN ================================================================================ Registrar Domain Action Date PublicDomainRegistry xmrwallet.cc SUSPENDED Mar 2026 WebNic xmrwallet.biz SUSPENDED Mar 2026 NICENIC xmrwallet.net DNS DEAD Mar 2026 NameSilo xmrwallet.com DEFENDED SCAMMER Mar 2026 3 of 4 registrars independently determined xmrwallet is fraudulent. NameSilo is the ONLY registrar that publicly defended the operator. ================================================================================ 5. PLATFORM SUPPRESSION TIMELINE ================================================================================ Platform Action Date Evidence Medium Article deindexed from search Mar 2026 GSC screenshots dev.to Article + links removed Mar 2026 Screenshots Twitter/X PhishDestroy account suspended Mar 2026 06-x-support-*.png Twitter/X Account restored (no violation) Mar 2026 06-x-support-*.png GitHub PhishDestroy repo flagged Apr 2026 Wayback capture Bing Investigation pages deindexed Apr 2026 GSC data Pattern: Each suppression occurred within 24-72 hours of new evidence publication. Identical pattern across unrelated platforms = coordinated reporting by operator. NameSilo actively and aggressively suppresses evidence publication. Multiple abuse reports filed with ICANN were ignored. NameSilo threatened legal action against PhishDestroy — a pattern consistent with cornered fraud operators using legal threats to silence exposure rather than address the evidence. This forced the migration of all evidence to IPFS (decentralized, no takedowns) and Arweave (permanent on-chain storage). The investigation archive exists on censorship-resistant infrastructure specifically because centralized platforms proved unreliable against coordinated suppression by a well-funded operator with registrar-level protection. ================================================================================ 6. VICTIM TABLE ================================================================================ Victim Amount Date Source Archive anonymous 2,600 XMR — Trustpilot Deleted (screenshot preserved) "Elmo T. Johnson" 1,200 XMR — Trustpilot Deleted (Wayback proof) anonymous 590 XMR — Sitejabber LIVE isisB2B ~400 XMR Dec 2025 BitcoinTalk LIVE + Wayback anonymous $200,000+ Feb 2024 Teletype LIVE u/CryptoCrusader420 47 XMR Jul 2025 Reddit xcancel + Wayback Staker43 30 XMR Dec 2020 bits.media Wayback anonymous 28 XMR Aug 2020 Reddit Wayback singhsoro (Bitazu) $20,000 Sep 2020 Herald Sheets LIVE anonymous $3,250 Apr 2026 Telegram (CN) LIVE Canadian victim ~C$1M — Ontario UNVERIFIED hacking group ??? XMR ~2022 Leaked infra OSINT (amount undisclosed) edieshow unspecified May 2020 GitHub #15 Wayback veteranxxx unspecified Apr 2019 GitHub #13 Wayback bigrob69 unspecified Apr 2019 GitHub #11 Wayback Total documented: 4,895+ XMR (~$1.47M) + $223,250+ USD + ~C$1M (unverified) Estimated total (including unreported): $2M-$15M+ Note: Monero is untraceable — actual total likely far exceeds documented cases. ================================================================================ 7. OPERATOR IDENTIFICATION ================================================================================ Name: Nathalie Roy (alias) GitHub: nathroy (ID: 39167759) Reddit: u/WiseSolution (banned r/Monero 2018) Email: royn5094@protonmail.com WHOIS Address: 1928 E. Highland Ave. Ste F104 PMB# 255, AZ, US (= NameSilo/PrivacyGuardian.org registered address) Domain reg: 2016-08-29, expires 2031-08-29 (15-year prepaid) Hosting: 186.2.165.49, AS59692, IQWEB FZ-LLC (bulletproof) DDoS: DDoS-Guard Analytics: Google Tag Manager UA-116766241-1 SEO aliases: abrahambrantley, davidsingsones, hinrichspence30 ================================================================================ 8. HASH VERIFICATION ================================================================================ Three independent hash manifests cover all evidence: ALL_EVIDENCE_HASHES.txt 60 files (screenshots + tweets) EVIDENCE_HASHES.txt 16 files (primary screenshots) xmrwallet-evidence/EVIDENCE_HASHES.txt 28 files (technical + PDFs) Verification command (Linux/Mac): cd namesilo-evidence && sha256sum -c ALL_EVIDENCE_HASHES.txt All 104 files verified 2026-05-14: 104 OK, 0 FAIL, 0 MISSING. ================================================================================ 9. PERMANENT MIRRORS ================================================================================ IPFS (ENS): phishdestroy.eth.limo Arweave #1: arweave.net/LUuditolJS-Y15IezfpzRI36sxhd1CIvFNOf_eAG2AU Arweave #2: arweave.net/AIPE69i1hiOSxK-dFSJfCorzM7MqrB7od811lOVjynA Arweave #3: arweave.net/IF_iY6E7j5guSwEdAhPkcsCGGTh_ksuc07DCI_ILWg4 Arweave #4: arweave.net/FuLE0DlVkubREhGKDAoXVqjCPHCnr6qJhxQNDElH9kg Arweave #5: arweave.net/nk3Mo70zxlsritGNpS_vqQXwqWhS2Effy3see5-bVc4 Arweave #6: arweave.net/Gf-lkUaAQHvrX-_8VNoBlklbmLoIxWbWV6gm7K_FDUk GitHub: github.com/phishdestroy/ipfs-archive Content on Arweave is permanent and cannot be deleted by any party. ================================================================================ 10. NAMESILO DOMAIN LAUNDERING — FINANCIAL ANOMALIES ================================================================================ Full analysis: NAMESILO_DOMAIN_ANOMALY_REPORT.md Raw data: namesilo-domains-5.1M.csv.gz (54MB, 5,179,405 domains) DEAD DOMAIN ANOMALY: NameSilo manages 5.18M domains. 32.2% (1,668,355) have NEVER been activated: no IP, no email, no phone, no web presence, never indexed. Industry baseline (GoDaddy/Hostinger/Tucows/NetSol): 14.7%–21.4% NameSilo is 1.5x–2x ABOVE baseline. Estimated cost of dead domains: $12M Dead registrations grew 7x between 2023 ($654K) and 2024 ($3.34M). Who spends $12M on domains never used for anything? REVENUE INFLATION: NameSilo Technologies Corp (CSE:URL) is publicly traded. Reported revenue: C$65.5M. Market cap: C$133M. P/E: 143.8x. $50.8M of revenue comes from phantom/dead domain renewals. If dead domains are self-registered to inflate revenue = securities fraud. BULK REGISTRATION PATTERNS: 10,000–17,000 domains/day at peaks. Heavy concentration in cheap/abuse-prone TLDs (.xyz, .top, .click, .site). 95.9% have no email. 97.9% have no phone. 99.9% never indexed. COMPARISON WITH LEGITIMATE REGISTRARS: Registrar Total Dead% Dead Cost GoDaddy 65.4M 16.0% $107.5M (scale explains) Namecheap 24.1M 22.8% $49.0M (similarly cheap) NameSilo 5.18M 32.2% $12.0M (anomalous) Namecheap is equally cheap and bulk-friendly → 22.8% dead. NameSilo at 32.2% cannot be explained by pricing alone. SCAMADVISER QUOTE: "NameSilo has a high percentage of spammers and fraud sites" ARTISTS AGAINST 419 (2017): "NameSilo has become one of the go-to places for West African fraudsters" NETBEACON (Mar 2025): NameSilo named among "highest observed rates of malicious phishing" ================================================================================ 11. XMRWALLET DOMAIN INFRASTRUCTURE ================================================================================ Full domain analysis: xmrwallet/domains/ (per-domain README + DNS data) Domain Registrar IP Status xmrwallet.com NameSilo 186.2.165.49 ACTIVE (protected) xmrwallet.me Key-Systems (njal.la) 186.2.165.49 Active redirect xmrwallet.cc PublicDomainRegistry — SUSPENDED xmrwallet.biz WebNic — SUSPENDED xmrwallet.net NICENIC — DNS DEAD xmrwalllet.com (typosquat, 3x L) 85.192.48.109 Finland bestmonerowallet.com (SEO satellite) 63.250.38.31 US HOSTING: Primary IP: 186.2.165.49 (AS59692, IQWEB FZ-LLC — bulletproof hosting) DDoS protection: DDoS-Guard (Russian company) Web server: Apache 2.4.58 / Ubuntu / PHP 8.2.29 SSL: Let's Encrypt (auto-renewal) Tor hidden service: xmrwalletdatuxms.onion Annual hosting cost: $8,000–$15,000 (bulletproof = premium) ESCAPE DOMAIN PATTERN: Operator registered alternate domains BEFORE investigation was published. xmrwallet.cc/.biz/.net were pre-registered as fallback infrastructure. When 3 registrars suspended, operator already had .me (via njal.la/Njalla, founded by Pirate Bay's Peter Sunde — privacy-focused, harder to take down). NAME PARASITISM: The name "xmrwallet" was stolen from legitimate project github.com/m2049r/xmrwallet (Monerujo wallet, existed years before). Operator created subdomain m2049r.xmrwallet.com to parasitize the real developer's search weight. No legitimate wallet project does this. ================================================================================ 12. TECHNICAL THEFT MECHANISM ================================================================================ Full technical report: xmrwallet-scam-evidence-report.pdf (+.txt) Code analysis: xmrwallet-evidence/technical/YOUR_KEYS_ARE_MINE.md Network capture: xmrwallet-evidence/technical/captchajs.txt STEP 1 — KEY EXFILTRATION: User enters seed phrase or logs in with existing keys. Private view key → Base64 encoded → stored as "session_key" token. session_key transmitted to server in 40+ API requests per session: /api/getheightsync 12 requests/session /api/gettransactions 10 requests/session /api/getbalance 6 requests/session /api/getsubaddresses 4 requests/session /api/getoutputs 3 requests/session /api/support_login 1 request (backdoor endpoint) NONE of these endpoints require a private view key. Balance checks and height syncs are public blockchain queries. STEP 2 — TRANSACTION HIJACK: 1. Client builds transaction 2. raw_tx is nullified (raw_tx = 0) 3. Server reconstructs transaction with victim's keys 4. Funds redirected to attacker-controlled addresses 5. Victim sees "Unknown transaction id" on block explorer STEP 3 — SELECTIVE THEFT: Operator monitors balances in real-time via session_key. Small test deposits pass through normally (builds trust). Large deposits (>10 XMR) trigger theft within minutes to hours. Pattern confirmed by multiple victims independently. CODE DIVERGENCE: GitHub repo: last commit November 2018 Production: session_key, /support_login backdoor, Google Tag Manager Wayback Machine: no session_key in 2023, present in 2025 GitHub Issues #1–#12: deleted by operator (victim reports) CAPTCHA AS PROOF: Operator introduced CAPTCHA in Mar 2026 (after PhishDestroy exposure). A legitimate client-side wallet has no reason to CAPTCHA seed input. CAPTCHA was added to prevent automated seed flooding by PhishDestroy. This proves the server PROCESSES and STORES submitted seed phrases. Legitimate wallet = client-side only = CAPTCHA is meaningless. ================================================================================ 13. SEO/AI MANIPULATION CAMPAIGN ================================================================================ Full analysis: osint/seo-ai-manipulation.html Backlink data: osint/xmr_all_backlinks.csv (1,827 links) Referring domains: osint/xmr_all_refdomains.csv (1,262 domains) PAID PLACEMENTS (confirmed): crypto.news #1 "undoubtedly the standout" SPONSORED (#sponsored tag) guru99.com #1 "Editor's Choice" Affiliate link hackr.io #4 "Best Browser-Based" Editorial cryptopotato.com Dedicated review Implicit sponsored binance.com/square Cross-posted from crypto.news Third-party disclaimer PBN NETWORK: 50+ blogspot domains created Jul-Sep 2025 IPs: 192.178.155.132, 172.253.62.132, 142.251.167.132 (Google/Blogspot) Peak: Sep 2025 — 869 visits (3x normal) correlating with PBN spam burst PLATFORM SPAM: 6+ Google Sites pages (abrahambrantley) 6+ Google Cloud Storage pages WordPress (davidsingsones, hinrichspence30, ballhermanch91) Weebly (suzzenkerryb60, rachallelad52) AI CONTAMINATION: Paid articles published 2022-2023 entered ChatGPT/GPT-4 training data. Pre-2023 LLMs had no internet — relied entirely on training corpus. Result: ChatGPT recommends xmrwallet as "best Monero wallet." Even deleted articles persist in AI training data permanently. Self-reinforcing: AI recommends → new articles cite AI → AI trains on those. TRUSTPILOT FARMING: 76+ reviews, 4.2 rating. Waves of 5-star from single-review accounts. Operator responds to scam complaints: "you're referring to a clone site." ================================================================================ 14. NAMESILO CORPORATE STRUCTURE & SELF-DEALING ================================================================================ CORPORATE CHAIN: NameSilo, LLC (Phoenix, AZ) — registrar, IANA ID 1479 ↑ owned by NameSilo Technologies Corp (Vancouver, BC) — CSE:URL (public) ↑ 81.5% owned by Brisio Innovations Inc. (Vancouver, BC) — CSE:BZI (public) FOUNDERS/OFFICERS: Michael Goldfarb — co-founder, Phoenix AZ Michael McCallister — co-founder, Phoenix AZ Kristaps Ronka — CEO, NameSilo Technologies Corp PRIVACYGUARDIAN.ORG: NameSilo's own WHOIS privacy service. xmrwallet.com registered through PrivacyGuardian.org. WHOIS address 1928 E. Highland Ave. Ste F104 PMB# 255, AZ = NameSilo's address. NameSilo is simultaneously the registrar AND the privacy shield for the scammer. SELF-PURCHASE HYPOTHESIS: NameSilo reports 5.18M domains, C$65.5M revenue. 1,668,355 domains (32.2%) have NEVER been used — no IP, no email, no website. Dead domain registrations grew 7x in one year (2023→2024). Who registers 585,595 domains in 2025 and never uses any of them? If NameSilo or affiliates register domains through their own platform: - Each registration generates reported revenue - Revenue inflates public company valuation (CSE:URL) - P/E ratio: 143.8x (far above industry normal) - Investors buy shares based on inflated revenue - This constitutes securities fraud if confirmed The 5.18M domain list is included: namesilo-domains-5.1M.csv.gz (54MB) Any investigator can verify dead% independently. WHY DEAD DOMAINS MATTER: A real customer registers a domain to USE it (website, email, redirect). A domain with no IP + no email + no phone + never indexed = never used. $12M spent on domains that serve no purpose. This is consistent with: 1. Revenue inflation for public stock (CSE:URL) 2. Money laundering through domain purchases 3. Bulk domain parking for ad revenue (unverifiable) All three warrant investigation. ================================================================================ 15. ICANN COMPLAINTS & REGISTRAR OBLIGATIONS ================================================================================ ICANN RAA (Registrar Accreditation Agreement) Section 3.18: Registrars must investigate credible abuse reports. NameSilo received 20+ abuse reports about xmrwallet.com. NameSilo contacted the scammer, accepted their denial, closed all complaints. NameSilo published a public defense of the scammer on Twitter/X. ICANN COMPLAINT FILED: File: pdfs/icann-complaint-namesilo-xmrwallet.pdf Basis: RAA Section 3.18 violation Status: Filed, no response from ICANN as of 2026-05-14 ABUSE FORM DESIGN: NameSilo's abuse form does not send acknowledgment or ticket number. Complainant cannot prove a report was submitted. This appears designed to make abuse complaints unaccountable. OTHER REGISTRAR RESPONSES (for comparison): PublicDomainRegistry → xmrwallet.cc → SUSPENDED within days WebNic → xmrwallet.biz → SUSPENDED within days NICENIC → xmrwallet.net → DNS DEAD within days NameSilo → xmrwallet.com → Contacted operator → Public defense → Still active ================================================================================ 16. CONNECTIONS & CIRCUMSTANTIAL EVIDENCE ================================================================================ OPERATOR KNEW NAMESILO WOULD PROTECT THEM: Email Feb 16, 2026: "Feel free to subpoena the domain registrar" This was BEFORE NameSilo's public defense (Mar 13). The operator had confidence in NameSilo's loyalty before it was demonstrated. NAMESILO HELPED SUPPRESS DETECTION: NameSilo publicly praised the operator for lobbying Fortinet to remove "Phishing" classification from xmrwallet.com — while the phishing code was actively stealing keys on the production site. DMCA FROM RUSSIA — LUMEN DATABASE: Notice #50915938 (lumendatabase.org/notices/50915938) Date: February 12, 2025 Sender country: RU (Russia) Target: Google Maps listing warning about xmrwallet.com scam Sender calls xmrwallet.com "our company" and "legitimate business." Demands removal of warning to prevent "harm to a business's reputation." This proves: 1. Russian origin — sender is from RU, not Canada 2. Operator calls it a "business" — contradicts "volunteer project" claim 3. Suppression via legal threats — same pattern as all other platforms TIMELINE CORRELATION: Feb 2026: PhishDestroy contacts operator → operator deletes GitHub issues Feb 2026: Operator emails "feel free to subpoena the registrar" Mar 2026: 3 registrars suspend xmrwallet domains Mar 2026: NameSilo publishes public defense of operator Mar 2026: PhishDestroy Medium/dev.to articles deindexed Mar 2026: PhishDestroy Twitter account suspended (later restored) Apr 2026: PhishDestroy GitHub repository flagged Apr 2026: Bing deindexes investigation pages Each suppression within 24-72 hours of new evidence → coordinated FINANCIAL RELATIONSHIP (unproven, warrants subpoena): xmrwallet.com domain paid through 2031 (15-year prepaid) at NameSilo. Annual registration + bulletproof hosting + DDoS-Guard + SEO campaign = $15,000-$30,000/year operational cost for a "free volunteer project." Revenue from stolen XMR = $1.47M+ documented, $2M-$15M estimated. Question: Does any of this revenue flow back to NameSilo or its affiliates? WHAT A SUBPOENA WOULD REVEAL: 1. Real identity behind PrivacyGuardian WHOIS for xmrwallet.com 2. Payment method for 15-year domain registration 3. NameSilo internal abuse ticket handling (who closed them, why) 4. Whether "Nathalie Roy" is connected to NameSilo officers/shareholders 5. Google Analytics UA-116766241-1 — linked properties 6. IQWEB FZ-LLC billing records — who pays for bulletproof hosting 7. Financial records: NameSilo ↔ operator transactions ================================================================================ 17. LEGAL FRAMEWORK ================================================================================ Applicable laws: - 18 U.S.C. § 1343 (Wire Fraud) - 18 U.S.C. § 1030 (Computer Fraud and Abuse Act) - ICANN RAA Section 3.18 (registrar obligations) - Canada Criminal Code s. 380 (Fraud over $5000) - Canada Criminal Code s. 342.1 (Unauthorized use of computer) Jurisdictions: - Operator: Canada (Nathalie Roy) - Registrar: NameSilo Inc., Phoenix AZ / Vancouver BC (CSE:URL) - Hosting: IQWEB FZ-LLC (bulletproof, UAE registration) - Victims: International (US, Russia, China, Europe) ================================================================================ END OF MANIFEST ================================================================================